/*************************************** ***************************
*
* Monitoring TCP/IP communication in Windows
*
* Author by jefong 2005/08/08
*
* netdump.c
*
**************************************** **************************/
#include <stdio.h>
#include <winsock2.h>
#include "iphead.h"
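/* Build switch: when defined, the author identification string is compiled in. */
#define src_right
#if defined(src_right)
/* "@(#)" is the marker that what(1)-style tools search for in a binary. */
static char srcid[] = "@(#)netdump.c (jefong: sjf331@21cn.com";
#endif /* author's right info */

/*
 * I/O control code that switches a bound raw socket to "receive all" mode.
 * Guarded because newer SDK headers may already define it.
 */
#ifndef SIO_RCVALL
#define SIO_RCVALL _WSAIOW(IOC_VENDOR, 1)
#endif

/*
 * Receive buffer shared with main(). Its size (65534 bytes) is the upper
 * bound for every read; callers must never index at or past sizeof(Buf).
 */
char Buf[2 * 32767];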
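/*
 * Capture IPv4 packets on one local interface through a raw socket in
 * SIO_RCVALL mode and dump every packet sent by one watched host.
 *
 * Raw sockets and SIO_RCVALL need administrator rights on Windows.
 *
 * Returns 0 when the capture loop ends, 1 if Winsock or the socket cannot be
 * set up, 2 if bind() fails, 3 if SIO_RCVALL cannot be enabled.
 */
int main()
{
    /* Both addresses are fixed in this sample. */
    const char *local_addr = "192.168.4.218";   /* interface to capture on */
    const char *watched_addr = "192.168.4.216"; /* only this sender is printed */

    struct sockaddr_in addrin = {0};
    struct sockaddr_in addrin_svr = {0};
    WSADATA wsadata;
    SOCKET sock;
    DWORD rcvall_on = 1;
    DWORD bytes_returned = 0;
    unsigned int watched;
    int r, len, i;

    if (WSAStartup(MAKEWORD(2, 2), &wsadata) != 0) {
        printf("WSAStartup error!\n");
        return 1;
    }

    sock = WSASocket(AF_INET, SOCK_RAW, IPPROTO_IP, NULL, 0, WSA_FLAG_OVERLAPPED);
    if (sock == INVALID_SOCKET) {
        printf("create socket error!");
        WSACleanup();
        return 1;
    }

    /* A raw IP socket has no port; only the interface address is bound. */
    addrin_svr.sin_family = AF_INET;
    addrin_svr.sin_addr.s_addr = inet_addr(local_addr);
    if (bind(sock, (struct sockaddr *)&addrin_svr, sizeof(addrin_svr)) != 0) {
        printf("bind socket error!\n");
        closesocket(sock);
        WSACleanup();
        return 2;
    }

    /* Without this check a failed ioctl leaves a capture that sees nothing. */
    if (WSAIoctl(sock, SIO_RCVALL, &rcvall_on, sizeof(rcvall_on),
                 NULL, 0, &bytes_returned, NULL, NULL) == SOCKET_ERROR) {
        printf("enable SIO_RCVALL error! %d\n", WSAGetLastError());
        closesocket(sock);
        WSACleanup();
        return 3;
    }

    /* Compare addresses as 32-bit values instead of formatting every packet. */
    watched = (unsigned int)inet_addr(watched_addr);

    for (;;) {
        const struct iphdr *ip;
        const struct tcphdr *tcp = NULL;
        const unsigned char *src, *dst;
        int ip_hlen, payload_off;

        len = sizeof(addrin);
        r = recvfrom(sock, Buf, (int)sizeof(Buf), 0,
                     (struct sockaddr *)&addrin, &len);
        if (r == SOCKET_ERROR) {
            /* Leave the loop rather than spin on a dead socket. */
            printf("recvfrom error! %d\n", WSAGetLastError());
            break;
        }

        /* Every header field below comes off the wire: bound it by r first. */
        if (r < (int)sizeof(struct iphdr))
            continue;
        ip = (const struct iphdr *)Buf;
        ip_hlen = (ip->h_lenver & 0x0f) * 4; /* IHL counts 32-bit words */
        if (ip_hlen < (int)sizeof(struct iphdr) || ip_hlen > r)
            continue;
        if (ip->sourceip != watched)
            continue;

        /* Ports exist only for TCP with a complete, sane TCP header. */
        payload_off = ip_hlen;
        if (ip->protocol == IPPROTO_TCP &&
            r - ip_hlen >= (int)sizeof(struct tcphdr)) {
            int tcp_hlen;

            tcp = (const struct tcphdr *)(Buf + ip_hlen);
            tcp_hlen = (tcp->th_lenres >> 4) * 4;
            if (tcp_hlen < (int)sizeof(struct tcphdr) || tcp_hlen > r - ip_hlen)
                tcp = NULL;
            else
                payload_off += tcp_hlen;
        }

        /* Addresses are stored in network order, so the bytes are the quad. */
        src = (const unsigned char *)&ip->sourceip;
        dst = (const unsigned char *)&ip->destip;
        printf("pktsize: %d iplen %d prot %d ",
               r, ntohs(ip->total_len), ip->protocol);
        if (tcp != NULL) {
            printf("%u.%u.%u.%u:%d --> %u.%u.%u.%u:%d\n",
                   src[0], src[1], src[2], src[3], ntohs(tcp->th_sport),
                   dst[0], dst[1], dst[2], dst[3], ntohs(tcp->th_dport));
        } else {
            printf("%u.%u.%u.%u --> %u.%u.%u.%u\n",
                   src[0], src[1], src[2], src[3],
                   dst[0], dst[1], dst[2], dst[3]);
        }

        printf("Data = ");
        for (i = payload_off; i < r; i++) {
            /* Cast first: a plain char >= 0x80 would print as ffffffxx. */
            printf("0x%02x", (unsigned char)Buf[i]);
        }

        /*
         * The payload is attacker-controlled bytes, not a C string: print it
         * by length and replace anything non-printable so control sequences
         * never reach the console.
         */
        printf("\n[");
        for (i = payload_off; i < r; i++) {
            unsigned char c = (unsigned char)Buf[i];
            putchar((c >= 0x20 && c < 0x7f) ? c : '.');
        }
        printf("]\n");
    }

    closesocket(sock);
    WSACleanup();
    return 0;
}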
// iphead.h
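/*
 * Ethernet frame header: destination MAC, source MAC, EtherType.
 * 14 bytes with no padding. eh_type is in network byte order on the wire.
 */
typedef struct ethdr
{
    unsigned char eh_dst[6];
    unsigned char eh_src[6];
    unsigned short eh_type;
} Ethdr, *pethdr;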
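/*
 * ARP packet body for Ethernet/IPv4 (28 bytes on the wire).
 *
 * The two protocol addresses sit at offsets 14 and 24, which are not 4-byte
 * aligned, so the struct must be packed: without it the compiler inserts
 * padding and the overlay no longer matches the packet. The addresses are
 * declared unsigned int so they stay 32 bits wide where long is 64 bits.
 */
#pragma pack(push, 1)
typedef struct arphdr
{
    unsigned short arp_hdr;   /* hardware type */
    unsigned short arp_pro;   /* protocol type */
    unsigned char arp_hln;    /* hardware address length */
    unsigned char arp_pln;    /* protocol address length */
    unsigned short arp_opt;   /* operation */
    unsigned char arp_sha[6]; /* sender hardware address */
    unsigned int arp_spa;     /* sender protocol address */
    unsigned char arp_tha[6]; /* target hardware address */
    unsigned int arp_tpa;     /* target protocol address */
} Arphdr, *parphdr;
#pragma pack(pop)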
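/*
 * Fixed 20-byte part of an IPv4 header, laid out as on the wire.
 *
 * Multi-byte fields are in network byte order; convert with ntohs/ntohl
 * before use. h_lenver and total_len are sender-controlled: check them
 * against the number of bytes actually received before using either as an
 * offset or length.
 */
typedef struct iphdr
{
    unsigned char h_lenver;        /* version (high nibble), header length in 32-bit words (low nibble) */
    unsigned char TOS;             /* type of service */
    unsigned short total_len;      /* total datagram length */
    unsigned short ident;          /* identification */
    unsigned short frag_and_flags; /* flags and fragment offset */
    unsigned char TTL;             /* time to live */
    unsigned char protocol;        /* upper-layer protocol number */
    unsigned short checksum;       /* header checksum */
    unsigned int sourceip;         /* source address */
    unsigned int destip;           /* destination address */
} Iphdr, *piphdr;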
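/*
 * 12-byte pseudo header: source address, destination address, a zero byte,
 * the protocol number and the upper-layer length. The field names follow
 * the UDP/TCP checksum pseudo header; no code in this listing uses it.
 */
typedef struct PSD
{
    unsigned int saddr;
    unsigned int daddr;
    char mbz;            /* must be zero */
    char ptcl;           /* protocol number */
    unsigned short udpl; /* upper-layer length */
} PSD, *ppsd;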
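/*
 * UDP header (8 bytes). All fields are in network byte order on the wire.
 * The field name "souceport" is kept as spelled in the listing.
 */
typedef struct udphdr
{
    unsigned short souceport; /* source port */
    unsigned short destport;  /* destination port */
    unsigned short length;    /* header plus payload length */
    unsigned short checksum;
} Udphdr, *pudphdr;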
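/*
 * Fixed 20-byte part of a TCP header, laid out as on the wire.
 *
 * Ports use unsigned short like the other headers here, so this definition
 * does not depend on a Windows-only typedef. Multi-byte fields are in
 * network byte order. th_lenres is sender-controlled: validate the header
 * length it encodes against the bytes received before skipping to payload.
 */
typedef struct tcphdr {
    unsigned short th_sport; /* 16-bit source port */
    unsigned short th_dport; /* 16-bit destination port */
    unsigned int th_seq;     /* 32-bit sequence number */
    unsigned int th_ack;     /* 32-bit acknowledgement number */
    unsigned char th_lenres; /* header length in 32-bit words (high 4 bits), reserved (low 4 bits) */
    unsigned char th_flag;   /* flag bits */
    unsigned short th_win;   /* 16-bit window size */
    unsigned short th_sum;   /* 16-bit checksum */
    unsigned short th_urp;   /* 16-bit urgent pointer */
} Tcphdr, *ptcphdr;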
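/*
 * DNS message header (12 bytes): identifier, flags and the four section
 * counts. All fields are in network byte order on the wire.
 */
typedef struct DNS
{
    unsigned short ID;
    unsigned short flags;
    unsigned short quests;   /* question count */
    unsigned short answers;  /* answer record count */
    unsigned short author;   /* authority record count */
    unsigned short addition; /* additional record count */
} DNS, *pdns;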
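/*
 * Fixed 4-byte tail of a DNS question: the query type and class that follow
 * the variable-length name. Both are in network byte order on the wire.
 */
typedef struct Query
{
    unsigned short type;
    unsigned short classes;
} Query, *pquery;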
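/*
 * DNS answer record with a 2-byte name field and a 4-byte address
 * (16 bytes on the wire).
 *
 * TTL starts at offset 6 and ADDR at offset 12, so the struct must be
 * packed; otherwise padding after "classes" and "length" shifts every later
 * field. "length" is sender-controlled: an overlay of this struct is only
 * valid when it equals 4 and the record lies fully inside the received data.
 */
#pragma pack(push, 1)
typedef struct response
{
    unsigned short name;   /* presumably a compression pointer to the name; verify against the parser */
    unsigned short type;
    unsigned short classes;
    unsigned int TTL;
    unsigned short length; /* length of the data that follows */
    unsigned int ADDR;     /* IPv4 address */
} Response, *presponse;
#pragma pack(pop)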